List page in the IT Remediation Workspace

Zurich Security Management

Release

zurich

ft:locale

en-US

ft:publication_title

Zurich Security Management

ft:clusterId

security

bundleId

security

workflow

Technology

List page in the IT Remediation Workspace

Release version: Zurich

Updated July 31, 2025

7 minutes to read

Summarize

Summarized using AI

Summary of List page in the IT Remediation Workspace

The List view in the IT Remediation Workspace enables remediation owners to efficiently view and manage records related to vulnerabilities and misconfigurations assigned to them or their groups. These records include host, application, container vulnerable items (VITs, AVITs, CVITs), configuration test results (CTRs), remediation tasks, exception requests, penetration test requests, findings, and supporting data. This workspace centralizes access to remediation efforts, facilitating faster and organized vulnerability management.

Show full answer Show less

Roles Required

snvul.remediationowner – for host vulnerable items (VITs)
snvul.appsecuritychampion – for application vulnerable items (AVITs)
snvulcontainer.remediationowner – for container vulnerable items (CVITs)
snvulc.remediationowner – for configuration test results (CTRs)

Key Features

Two Main Tabs:
- Lists tab: Displays default lists for remediation tasks, vulnerable items, solutions, exceptions, configuration test results, and more.
- My Lists tab: Allows users to view, rename, or create custom lists tailored to their needs.
Predefined Filter Link Integration: When enabled by an admin, selecting filters in Vulnerability Response modules redirects to relevant lists in the IT Remediation Workspace for seamless navigation.
Customizable List Display: Users can group remediation tasks by record type or hide record count via system properties for personalized views.

Important Lists and Their Uses

Remediation Tasks: View remediation tasks assigned to the user or their groups, across host, app, container, and test results.
Impacted Assets: Lists configuration items impacted and assigned for remediation.
Vulnerable Items (Host, Application, Container): Lists assigned vulnerable items allowing direct navigation to remediation work.
Configuration Test Results: Displays test results requiring remediation.
Solutions: Shows available and preferred remediation solutions if Vulnerability Solution Management is installed.
Exception Requests: Lists all exception, false positive, and unassign approval requests raised by the user for vulnerable items and test results.
Supporting Libraries: Provides access to vulnerability intelligence libraries (NVDs, CWEs, third-party app vulnerabilities, tests, and test groups) for research and reference.
CMDB Data: Includes discovered configuration items and container images relevant to remediation efforts.
Penetration Test Assessment Requests and Findings: Allows tracking of penetration test requests and findings assigned to the user or their groups.
Supporting Data: Contains authoritative sources and technology frameworks useful for understanding and validating vulnerability information.

Practical Benefits for ServiceNow Customers

This workspace consolidates multiple vulnerability and remediation lists into a single, role-based interface, enhancing visibility and speeding up remediation workflows. By using the List page, remediation owners can quickly identify their tasks, exceptions, and required assessments, enabling more efficient risk reduction and compliance management. The ability to customize lists and integrate filter navigation improves user experience and productivity.

The List view in the IT Remediation Workspace permits remediation owners to view the records (VITs, AVITs, CVITs, and TRs) assigned to them and their assignment groups, and remediate these vulnerabilities and misconfigurations. You can also view the list of preferred solutions that are recommended for remediating the host vulnerable items (VITs). Along with these lists, you can view the list of exception requests and penetration test assessment requests raised by you, penetration test findings associated with your penetration test assessment requests, supported libraries and other supported data.

Roles required:

sn_vul.remediation_owner for host vulnerable items (VITs)
sn_vul.app_security_champion for application vulnerable items (AVITs)
sn_vul_container.remediation_owner for container vulnerable items (CVITs)
sn_vulc.remediation_owner for configuration test results (CTRs)

The lists and links on the List page provide you with easy access to records and tasks. It contains two tabs:

Lists tab: Displays the default lists for remediation efforts, remediation tasks, vulnerable items (VITs, AVITs, or CVITs), solutions, exceptions, and configuration test results (TRs), etc. For more information, see the following table.
My Lists tab: Displays any list that you’ve renamed from the List tab and any list that you create.
You can also create your own list of records. For more information, see Create a list in the IT Remediation Workspace.

Tip:

If the sn_vul_cmn_ws.navigate_to_workspace system property is set to true by the admin, upon selecting the predefined filter links in the Vulnerability Response, Application Vulnerability Response, Container Vulnerability Response, and Test Results module in Configuration Compliance under the All menu, these links open in the List page in the IT Remediation Workspace.

For example, if you select Assigned to My Groups by navigating to All > Vulnerability Response > Remediation Tasks > Assigned to My Groups, this link is redirected to the IT Remediation Workspace. The Assigned to my group list in the Remediation Tasks module opens in the List page of the IT Remediation Workspace if you have a remediation owner role. To view the host remediation tasks, group the tasks by Record Type.

You can hide the record count on a list using the glide.ui.list.seismic.omit.count system property. For more information on how to turn off/on the record count display on a list, see the KBB0010402 KB article.

Lists tab

The following lists are displayed:

Table 1. Lists
List item	Description	Applications required	Role Required
Remediation Tasks	View the list of remediation tasks and navigate to the desired task to start working on them. The following lists are available: Assigned to you: Lists all the host, application, container and Test result remediation tasks that are assigned to you. Assigned to my group: Lists all the host, application, container and Test result remediation tasks that are assigned to the assignment groups to which you belong to. Group the tasks by the Record type to categorize them into host, application, container and configuration test results remediation tasks. Remediation tasks that are created by the remediation task rules in the classic UI have an empty Remediation effort.	Vulnerability Response, Application Vulnerability Response, Container Vulnerability Response, and Configuration Compliance	sn_vul.remediation_owner for host vulnerable items (VITs) sn_vul.app_security_champion for application vulnerable items (AVITs) sn_vul_container.remediation_owner for container vulnerable items (CVITs) sn_vulc.remediation_owner for configuration test results (CTRs)
Impacted assets	View the list of assets that are impacted. The following lists are available: Assigned to you: List of impacted configuration items assigned to you Assigned to my group: List of impacted configuration items assigned to your assignment groups.	Vulnerability Response, Application Vulnerability Response, Container Vulnerability Response, and Configuration Compliance	sn_vul.remediation_owner for host vulnerable items (VITs) sn_vul.app_security_champion for application vulnerable items (AVITs) sn_vul_container.remediation_owner for container vulnerable items (CVITs) sn_vulc.remediation_owner for configuration test results (CTRs)
Host Vulnerable items	View the list of host vulnerable items and navigate to the desired item to start working on them. This lists are available: Assigned to me: List of host vulnerable items assigned to you for remediation. Assigned to my group: List of host vulnerable items assigned to the assignment groups that you belong to.	Vulnerability Response	sn_vul.remediation_owner for host vulnerable items (VITs)
Application Vulnerable items	View the list of host vulnerable items and navigate to the desired item to start working on them. The following lists are available: Assigned to me: List of application vulnerable items assigned to you for remediation. Assigned to my group: List of application vulnerable items assigned to the assignment groups to which you belong to.	Application Vulnerability Response	sn_vul.app_security_champion
Container Vulnerable items	View the list of container vulnerable items and navigate to the desired item to start working on them. This list view contains: Assigned to me: List of container vulnerable items assigned to you for remediation. Assigned to my group: List of container vulnerable items assigned to the assignment groups to which you belong to.	Container Vulnerability Response	sn_vul_container.remediation_owner View the list of assessments needed to perform post incident review.
Configuration Test Results	View the list of test results and navigate to the desired record to start working on them. This list view contains: Assigned to me: List of configuration test results assigned to you for remediation. Assigned to my group: List of configuration test results assigned to the assignment groups that you belong to.	Configuration Compliance	sn_vulc.remediation_owner
Solutions	Lists the solutions from the solution management application. The Solutions list is displayed if the Vulnerability Solution Management application is installed. All: Shows all the available solutions which you use to remediate the host vulnerable items. Highest Supersedence: Shows all the solutions which are used to populated Preferred Solutions. With Vulnerable items: Shows the solutions which are being used as Preferred Solution on Vulnerable Items.	Vulnerability Response	sn_vul.remediation_owner
Exception requests	My requests: List of all the exception, false positive, and unassign approval requests raised by you for host, application, and container vulnerable items and their remediation tasks. My requests (configuration compliance): List of all the exception, false positive, and unassign approval requests raised by you for the test results and their remediation tasks that you are working on.	Vulnerability Response, Application Vulnerability Response, Container Vulnerability Response, and Configuration Compliance	sn_vul.remediation_owner for host vulnerable items (VITs) sn_vul.app_security_champion for application vulnerable items (AVITs) sn_vul_container.remediation_owner for container vulnerable items (CVITs) sn_vulc.remediation_owner for configuration test results (CTRs)
Libraries	Contains the following lists: NVDs: A comprehensive library of vulnerability intelligence maintained by the National Institute of Standards and Technology (NIST). List of vulnerabilities found by NVD and includes security checklists, security-related software flaws, misconfigurations, product names, and impact metrics including exploits. CWEs: List of community-developed software weakness types. Each CWE record also includes an associated knowledge article that describes the weakness. App Vulnerabilities: List of all the third-party application vulnerability entries. TPEs: List of imported third-party vulnerabilities in your instance. Contains a list of related references, vulnerable items, exploits, and CVEs. Tests: Tests imported from the third party integrations with which the test results must comply. Test Groups: List of test groups/policies imported from the third party integrations. A test group contains a set of tests.	Vulnerability Response, Application Vulnerability Response, Container Vulnerability Response, and Configuration Compliance	sn_vul.remediation_owner for host vulnerable items (VITs) sn_vul.app_security_champion for application vulnerable items (AVITs) sn_vul_container.remediation_owner for container vulnerable items (CVITs) sn_vulc.remediation_owner for configuration test results (CTRs)
CMDB	Discovered items: List of all the discovered items. Discovered container images:	Vulnerability Response, Application Vulnerability Response, Container Vulnerability Response, and Configuration Compliance	sn_vul.remediation_owner for host vulnerable items (VITs) sn_vul.app_security_champion for application vulnerable items (AVITs) sn_vul_container.remediation_owner for container vulnerable items (CVITs) sn_vulc.remediation_owner for configuration test results (CTRs)
Penetration Test Assessment Requests	Penetration testing assessment requests submitted to security team by you for performing a security assessment of any business application. This list contains: Assigned to Me: List of Penetration Test Assessment Requests raised by you. Assigned to My Groups: List of Penetration Test Assessment Requests raised by the users in your assignment groups.	Application Vulnerability Response	sn_vul.app_security_champion
Penetration Test Findings	List of vulnerabilities identified during the Pen Test Assessment performed by the security team: Assigned to Me: List of Penetration Test Findings assigned to you for remediation. Assigned to My Groups: List of Penetration Test Findings assigned to your assignment groups for remediation.	Application Vulnerability Response	sn_vul.app_security_champion
Supporting Data	This list view contains: Authoritative Sources: List of authoritative sources that provide the summary information which is useful to research the source publications that were used to create the record. Technologies: List of technologies that provide the summary information about each authoritative sources and citation (also known, in Qualys, as a framework).	Configuration Compliance	sn_vulc.remediation_owner